SQL injection is currently a type of attack used by many “defacer” groups out there, especially against military and government websites.
Most of them just modify some text to promote their cause, but some try to obtain sensitive data, such as military information.
Today I bring you a presentation of another scanner, a SQL injection scanner coded by Enigma Security Team. This tool is very simple to use and has features that guess the admin table, try different types of “order by” and “union” injections, and many more.
I already saw a Brazilian defacer group using it for scanning, and I believe they found a vulnerable .gov site with it.
I have translated it to English and hidden the nicknames and websites.
<defacer1> simple to use, just grab xxxxxxxx.xxxxx.gov.br
<defacer2> defacer1, gimme so I can try to grab more information
<defacer1> the users table is “usuarios” and they have plaintext passwords
<defacer2> try “noticias” for the table of latest news
A few minutes later, that website was on hold on zone-h for a special defacement.
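The “order by” and “union” probing that scanners of this kind generate is visible in web server access logs. The following is an added example, not part of the original post or of the tool: a small detector that flags both patterns per client. The log lines, paths and addresses are constructed samples, and the function name `scan` and its threshold parameter are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=4 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /news.php?id=4+order+by+1-- HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /news.php?id=4+order+by+2-- HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /news.php?id=4+ORDER+BY+3-- HTTP/1.1" 500 310
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /news.php?id=4+UNION%20SELECT+1,2-- HTTP/1.1" 200 5200
198.51.100.9 - - [01/Jan/2024:10:00:06 +0000] "GET /list.php?sort=name&order=asc HTTP/1.1" 200 900
"""

# client IP and request target from a common/combined log format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')
ORDER_BY_RE = re.compile(r"\border\s+by\s+(\d+)\b", re.I)
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)


def scan(log_text, min_order_by=3):
    """Return {client_ip: sorted findings} for SQL injection probing in a log."""
    order_cols = defaultdict(set)   # (ip, path) -> ORDER BY indexes requested
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # skip lines that are not request records
        ip, target = m.groups()
        parts = urlsplit(target)
        # Decode %xx and '+', then collapse whitespace, so URL encoding
        # does not hide the keywords from the patterns above.
        query = " ".join(unquote_plus(parts.query).split())
        if UNION_RE.search(query):
            findings[ip].add(f"union-select on {parts.path}")
        for n in ORDER_BY_RE.findall(query):
            order_cols[(ip, parts.path)].add(int(n))
    # One ORDER BY <n> could be a false positive; several distinct indexes
    # from the same client against the same path is column-count enumeration.
    for (ip, path), cols in order_cols.items():
        if len(cols) >= min_order_by:
            findings[ip].add(f"order-by enumeration on {path}, indexes {sorted(cols)}")
    return {ip: sorted(f) for ip, f in findings.items()}


if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip, hits)
```

Requests sent in a POST body do not appear in the request line, so this only covers query-string probing.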